Action log
The topic explains the user and Traceable activity captured in logs.
Action Log captures the actions taken by you or Traceable. Traceable captures all the actions carried out by you from the Administration (
) > Policies > Custom tab. This includes creating:
    Rate limiting rule
    IP range blocking rule
    Location-based blocking rule
    Custom signatures
You can filter the actions taken in the custom rule section by using the Security Configuration Change filter. When you select this filter, you would see only the changes done by the user as these are done manually. You can also filter the action logs based on Threat actor state change.
You can also select the category of actions to filter based on whether the action was carried out by you (the user) or Traceable. The actions carried out by Traceable are denoted by the Traceable icon (
The actions carried out by Traceable would be, for example, threat actor or attackers state change as shown above or when a rule is triggered like a rate limiting rule.
You can view action logs for a maximum of last one month.

Threat actor details from action log

You can view details about each log entry of action log. You can view all the events generated by a threat actor by clicking on the displayed IP address or the user name in the log entry. Traceable displays the Activity Log of that threat actor or attacker.
Threat actor details from action log
You can also navigate to Traces from the action log to view all the traces that are generated by the threat actor. Click on the filter button to navigate and view the traces for the threat actor for the date when the log entry was made.
Threat actor generated traces for the log entry
Last modified 1mo ago
Export as PDF
Copy link